[Mailman-Users] Modify options-login page
Mark Sapiro
mark at msapiro.net
Fri Jan 27 18:59:43 CET 2012
Michele Federle wrote:
>I've done it, but now there is a problem!!! In the options-page appears an
>error:
>
>Bug in Mailman version 2.1.13
>We're sorry, we hit a bug!
You have made a mistake in modifying options.py. There will be an entry
in Mailman's 'error' log from the above including a traceback and a
Python error.
If you can't figure out your mistake, post the traceback and error and
your modified code.
I suggest you copy/paste the code fragment directly from
<http://mail.python.org/pipermail/mailman-users/2012-January/072811.html>.
>2012/1/27 Mark Sapiro <mark at msapiro.net>
>>
>> If you really mean you would like an authentication failure from the
>> options login page to return the list's listinfo page with an error
>> message, that would be difficult to do because the listinfo page
>> doesn't have a mechanism for reporting errors when invoked with an
>> HTTP GET. And why would you want to take the user away from the login
>> page just because of a simple typo in email address or password?
>
>
>Just because I modified the html and I have both email and password inputs
>for login in the listinfo page :)
>So it would be better if users don't see the login form on the options-page,
>it doesn't suit with the rest!!
OK, but the web UI wasn't designed to work that way, so it's not easy
to do.
>>If you just want to replace the "Authentication failed." error message
>> with something more specific, you could do that, but you would have to
>> modify the code to first validate the member address, because the
>> existing code calls the SecurityManager WebAuthenticate() method to
>> authenticate the entry and it's context (list member, list owner, site
>> owner) and receives onle a True or False return.
>
>
>Oh, such a shame!! And make a simple redirect in case of login-error??
If you want to have an options login failure go back to the listinfo
page, you can make a similar modification to this code:
if cgidata.has_key('password'):
doc.addError(_('Authentication failed.'))
# So as not to allow membership leakage, prompt for the
email
# address and the password here.
if mlist.private_roster <> 0:
syslog('mischief',
'Login failure with private rosters: %s',
user)
user = None
# give an HTTP 401 for authentication failure
print 'Status: 401 Unauthorized'
loginpage(mlist, doc, user, language)
print doc.Format()
return
changing it to something like:
if cgidata.has_key('password'):
doc.addError(_('Authentication failed.'))
# So as not to allow membership leakage, prompt for the
email
# address and the password here.
if mlist.private_roster <> 0:
syslog('mischief',
'Login failure with private rosters: %s',
user)
user = None
listinfo_url = '%slistinfo%s/%s' % (mlist.web_page_url,
mm_cfg.CGIEXT,
mlist.internal_name(),
)
print """Status: 303 See Other
Location: %s
If you see this, <a href=%s>Click to redirect</a>.
""" % (listinfo_url, listinfo_url)
return
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list